Compliance Officer, FedRAMP (Remote- US Based) at Dispel | Torre
You'll own critical FedRAMP authorization, securing vital infrastructure and shaping compliance from the ground up.
Full-time
Legal agreement: Employment
Compensation: USD122k - 151k/year
Location: Remote (for United States residents)
Shared by Emma of Torre.ai, about 2 months ago

Requirements and responsibilities


About Dispel

Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero-trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS). Our patented Moving Target Defense technology—referenced in NIST 800-172—protects critical infrastructure for utilities serving 54 million+ people, manufacturers producing over 50% of U.S. baby formula, and major defense programs including a $950M IDIQ with the U.S. Air Force.

The Role

We’re looking for a Compliance Officer to own Dispel’s FedRAMP authorization and steward our broader portfolio of compliance certifications. You’ll be the primary interface with our agency sponsor and internal engineering teams—translating complex federal requirements into actionable work while maintaining rigorous evidence collection and documentation practices. This role is critical to unlocking the federal market and sustaining customer trust across regulated industries. You’ll have the opportunity to shape the program from the ground up at a pivotal moment of growth.

Requirements

FedRAMP Authorization (Primary Focus)
- Own the FedRAMP authorization lifecycle from SSP development through continuous monitoring.
- Serve as primary liaison with our agency sponsor and their FedRAMP AODR.
- Coordinate with our 3PAO on assessment readiness, evidence collection, and remediation tracking.
- Manage SSP, SAR, POA&M, and all FedRAMP deliverables in OSCAL formats.
- Track control implementation across all FedRAMP controls and maintain the Control Responsibility Matrix (CRM).
- Prepare for annual assessments and significant change requests; monitor PMO guidance and Rev 5 requirements, adapting documentation accordingly.

Continuous Monitoring & POA&M (FedRAMP)
- Manage POA&M items end-to-end through remediation.
- Coordinate monthly ConMon deliverables and vulnerability scanning cadence.
- Track deviation requests and risk acceptances with agency authorizing officials.
- Ensure timely submission of significant change requests and security impact analyses.

Multi-Framework Compliance
- Coordinate SOC 2 Type II audits and evidence collection via Drata.
- Support ISO 27001, ISO 9001, and IEC 62443 certification efforts.
- Manage CMMC Level 2 compliance for DoD contract support.
- Map controls across frameworks to reduce duplication and streamline evidence collection.
- Maintain the compliance calendar and a continuous audit-ready posture.

OSCAL & Compliance Automation
- Lead adoption of OSCAL (Open Security Controls Assessment Language) for machine-readable compliance.
- Implement component-based documentation for reusable control narratives.
- Partner with engineering on internal OSCAL tooling and evidence-collection workflows.
- Define requirements for continuous-compliance automation.

Policy, Stakeholders & Security Program
- Maintain security policies aligned with NIST 800-53 Rev 5; keep corporate and FedRAMP boundary documentation consistent.
- Develop and exercise Contingency Plan (ISCP), DRP, and BCP with annual testing.
- Prepare compliance briefings for leadership and the board; interface with federal agency stakeholders.
- Support customer security questionnaires and due diligence requests.
- Partner with the SOC team on audit-log retention, incident response documentation, and playbook alignment.

What You Bring

Required:
- 5–8 years in cybersecurity compliance, GRC, or information security.
- Direct experience with the FedRAMP authorization process (Moderate or High).
- Strong working knowledge of NIST 800-53 Rev 5 and FedRAMP requirements.
- Hands-on experience with SSP development, POA&M management, and 3PAO coordination.
- Familiarity with compliance platforms (Drata, Vanta, Archer, or similar).
- Cloud security compliance experience (AWS required).
- Excellent technical writing, project management, and stakeholder communication skills.
- Ability to translate technical controls into business-understandable terms.

Nice to Have:
- FedRAMP authorization experience specifically.
- Background with federal civilian agencies (Department of State, DHS, etc.).
- Knowledge of IEC 62443 and OT/ICS security standards.
- CMMC and DoD compliance experience.
- Hands-on OSCAL experience (catalogs, profiles, component definitions, SSP models).
- AWS GovCloud compliance experience.
- Working knowledge of SOC 2, ISO 27001, and ISO 9001 frameworks.
- Prior startup or high-growth company experience.

Certifications (Preferred, Not Required):
- CISA, CISM, or CISSP.
- FedRAMP 3PAO experience.
- ISO 27001 Lead Auditor or Lead Implementer.
- AWS Certified Security – Specialty.
- CompTIA Security+ or equivalent.

Eligibility:
- Must be a U.S. citizen.
- Ability to obtain and maintain a security clearance preferred.
- Public Trust or higher clearance is a plus for agency interactions.

Benefits

What We Offer:
- 122-151K base + equity and performance bonus eligible
- Full medical, vision, and dental insurance
- Generous PTO
- Remote-first culture with flexible hours
- Opportunity to protect critical infrastructure at scale
- Work with patented, cutting-edge security technology
- Direct ownership of SOC maturation
- Collaborative team with military, federal, and private sector expertise

Security Clearance

Due to federal customer and FedRAMP requirements, this role requires US Person status (citizen or permanent resident) under ITAR/EAR regulations. Ability to obtain and maintain a security clearance preferred.